Hacktivists: when the threat from outside and the threat within meet

Earlier this week, Australian police announced they had arrested 24-year-old Matthew Flannery (known online as Aush0k), who claimed to be the leader of ‘hacktivist’ group LulzSec. Although the group supposedly disbanded in 2011, Flannery has been charged with two counts of hacking into computer systems and faces up to twelve years in jail.

The LulzSec group, renowned for their love of memes (especially Nyan Cat – a cartoon cat with a Pop-Tart body) and hatred of Justin Bieber and Rupert Murdoch, have slowly been unmasked one by one – largely thanks to a seven-month undercover investigation.

In less than a year they were able to achieve global renown by attacking some of the internet’s highest profile websites and celebrities. Their exploits included:

Launching huge DDoS (Distributed Denial of Service) attacks against government bodies in the USA, UK and Brazil

Hacking the website of The Sun, claiming Rupert Murdoch had died, then redirecting the website to LulzSec’s own Twitter feed

Hacking groups such as LulzSec and Anonymous pose a serious threat to organisations.

Although their anger is generally directed at large organisations they view as infringing personal freedoms, these hacking groups demonstrate how sophisticated ‘informal’ hackers have become. Hacking is not the preserve of organised criminals working for profit, or computer geeks who never leave the house.

Around the world there are teenagers and aggrieved twenty-somethings for whom hacking is a hobby. They share information on shady internet forums, learning from one another until they collectively are able to access some of the most secure computer systems around.

Then they go to work for Information Security companies (in the case of Matthew Flannery, at least).

Organisations must be aware of the threats they face, both externally and from within. Employees must be subject to sensible and robust security procedures, and all systems must be secure against internal and external cyber attacks.

IT Governance has just released a new green paper briefing for organisations in the Asia-Pacific region on Information Security and ISO 27001 – the international best practice standard for information security management systems.